Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.asymptotelabs.ai/llms.txt

Use this file to discover all available pages before exploring further.

MDM Deployment

Beacon’s macOS package is designed for security and IT rollout through MDM. A signed and notarized .pkg installs Beacon under /opt/beacon, creates system endpoint configuration, loads the local collector LaunchDaemon, and writes endpoint events to /var/log/beacon-agent/runtime.jsonl. The package installs and inventories a local-only endpoint agent. Beacon does not require a hosted account, remote policy fetch, or MDM API credentials for normal collection.

Package layout

The macOS package includes Beacon binaries, endpoint scripts, and MDM assets: 
/opt/beacon/bin/beacon
/opt/beacon/bin/beacon-otelcol
/opt/beacon/scripts/install-endpoint.sh
/opt/beacon/scripts/uninstall-endpoint.sh
/opt/beacon/jamf/extension-attributes/*.sh
/opt/beacon/jamf/scripts/*.sh
/opt/beacon/fleet/queries/*.sql
/opt/beacon/fleet/scripts/*.sh
The endpoint install creates system configuration and runtime state: 
/Library/Application Support/Beacon/Endpoint/config.json
/Library/Application Support/Beacon/Endpoint/otelcol.yaml
/Library/LaunchDaemons/com.beacon.endpoint.collector.plist
/var/log/beacon-agent/runtime.jsonl

Deployment model

1

Deploy to a pilot group

Upload the signed and notarized .pkg to your MDM and scope it to a pilot group, team, or label.
2

Confirm the system agent

Verify that the LaunchDaemon is running and that beacon endpoint wazuh validate writes a validation event.
3

Add inventory signals

Track version, collector service health, log freshness, retention mode, configured harnesses, and runtime log writability.
4

Scope repair workflows

Use the packaged repair scripts for endpoints where inventory reports a stale or unhealthy install.
5

Roll out in stages

Broaden deployment after inventory and validation stay healthy for the pilot population.
Environment variables take precedence over MDM script parameters:
Environment variableDefault
BEACON_ENDPOINT_HARNESSESclaude,codex
BEACON_CONTENT_RETENTIONfull
BEACON_OTLP_GRPC_PORT4317
BEACON_OTLP_HTTP_PORT4318
BEACON_COLLECTOR/opt/beacon/bin/beacon-otelcol when present
BEACON_NO_STARTaccepts 1, true, or yes
Cursor hook installation is separate from the base system package because Cursor configuration is per user. Run the Cursor hook helper only when an interactive console user is present.

Uninstall and rollback

Use the vendor uninstall helper to remove endpoint service files. Set BEACON_KEEP_LOGS=1 or the first uninstall argument to preserve runtime logs during removal. Set BEACON_KEEP_CONFIG=1 or the second uninstall argument to preserve harness telemetry configuration. 
/opt/beacon/jamf/scripts/uninstall.sh "$@"
/opt/beacon/fleet/scripts/uninstall.sh "$@"
The endpoint uninstall removes service and configuration state. Package payload removal remains under the MDM or package receipt lifecycle.

Jamf

Deploy and inventory Beacon with Jamf Pro policies and extension attributes.

Fleet

Deploy Beacon with Fleet software, policies, queries, and scripts.

SIEM forwarding

Forward Beacon runtime JSONL into Wazuh or customer-managed pipelines.